US20030037244A1 - System management interrupt generation upon completion of cryptographic operation - Google Patents
- Publication number
- US20030037244A1 (application Ser. No. US09/931,550)
- Authority
- US
- United States
- Prior art keywords
- utility
- update
- flash
- smi
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
Definitions
- the present application relates to
- the present invention relates in general to information handling systems, and in particular, to the update of information in an information handling system.
- BIOS Basic Input/Output System
- the BIOS is programming that controls the basic hardware operations of the computer, including interaction with floppy disk drives, hard disk drives and the keyboard. Because of ever changing computer technologies, even though a computer may still be acceptable to a user, often the BIOS of that computer will not support all of the new technologies.
- a conventional method for upgrading the BIOS code or image of a computer is to physically replace the Read-Only-Memory (ROM) based BIOS, which in networks systems, would entail replacing the ROM-BIOS in each processor node, which is very time consuming and adds to the overall system down-time of the network.
- ROM Read-Only-Memory
- BIOS image associated with a processor without having to physically replace the ROM-BIOS at each computer in the network.
- one solution is to provide the computer with a Flash EPROM for the BIOS, also known as a Flash BIOS.
- Flash BIOS the BIOS image or a portion of the BIOS image can be updated by a software update. This is often performed by downloading or storing the Flash information onto a media storage device, such as a floppy disk, and using the disk at each computer to flash the BIOS.
- a media storage device such as a floppy disk
- a second method is to send the flash over the network to each computer in the network.
- the problem with this method is that the flash is subject to someone introducing malicious code, such as a virus, to the flash, thereby causing the BIOS to be flashed with a corrupt image.
- Yet another method includes transferring the flash information from the source computer to the receiving computer, with the flash information including the flash code, the flash code instructions and an encrypted digital signature corresponding to the identification of the flash code.
- the sender is authenticated and then the receiving computer is operably placed in a secure mode.
- a hash value corresponding to the flash information is calculated, and the digital signature from the flash information is decrypted.
- the flash code is validated by comparing the digital signature of the flash information to the calculated hash, and if validated, the BIOS is flashed with the new flash code, the new flash code is verified, and the computer is re-booted (power cycled).
- cryptographic verification of system management utilities e.g., BIOS update utilities
- the present invention addresses the foregoing need by adding an SMI generation capability to the cryptographic verification operation utilized to verify an update of a system management utility, such as the BIOS update utility.
- the SMI handler issues a signature verification request to a Trusted Platform Module (TPM) and returns control to the controlling application with a status code indicating it should begin polling the SMI handler for status.
- TPM issues the SMI.
- the SMI handler queries the TPM for status.
- the SMI handler updates its internal status and permits access to the requested resource assuming the verification is successful.
- upon the next poll from the application, the SMI handler returns the status to the calling application, which would either continue or abort the update operation.
- FIGS. 1 - 3 illustrate flow diagrams configured in accordance with the present invention.
- FIG. 4 illustrates an information handling system configured in accordance with the present invention.
- the present invention makes use of common cryptographic algorithms.
- Such cryptographic algorithms may be key-based, where special knowledge of variable information called a “key” is required to decrypt ciphertext.
- there are two prevalent types of key-based algorithms: “symmetric” (also called secret key or single key algorithms) and “public key” (also called asymmetric algorithms). The security in these algorithms is centered around the keys, not the details of the algorithm itself. With asymmetric public key algorithms, the key used for encryption is different from the key used for decryption. It is generally very difficult to calculate the decryption key from an encryption key.
- the “public key” used for encryption is made public via a readily accessible directory, while the corresponding “private key” used for decryption is known only to the recipient of the ciphertext.
- a sender retrieves the recipient's public key and uses it to encrypt the message prior to sending it. The recipient then decrypts the message with the corresponding private key.
- in FIG. 4, an example is shown of a data processing system 413 which may be used for the invention.
- the system has a central processing unit (CPU) 410 , which is coupled to various other components by system bus 412 .
- Read only memory (“ROM”) 416 is coupled to the system bus 412 and includes a basic input/output system (“BIOS ”) that controls certain basic functions of the data processing system 413 .
- RAM random access memory
- I/O adapter 418 may be a small computer system interface (“SCSI”) adapter that communicates with a disk storage device 420 .
- SCSI small computer system interface
- Communications adapter 434 interconnects bus 412 with an outside network 450 enabling the data processing system to communicate with other such systems.
- Input/Output devices are also connected to system bus 412 via user interface adapter 422 and display adapter 436 .
- Keyboard 424 and mouse 426 are interconnected to bus 412 via user interface adapter 422 .
- Display monitor 438 is connected to system bus 412 by display adapter 436. In this manner, a user is capable of inputting to the system through the keyboard 424 or mouse 426 and receiving output from the system via display 438.
- Implementations of the invention include implementations as a computer system programmed to execute the method or methods described herein, and as a computer program product.
- sets of instructions for executing the method or methods may be resident in the random access memory 414 of one or more computer systems configured generally as described above.
- the set of instructions may be stored as a computer program product in another computer memory, for example, in disk drive 420 (which may include a removable memory such as an optical disk or floppy disk for eventual use in the disk drive 420 ).
- the computer program product can also be stored at another computer and transmitted when desired to the user's workstation 413 by a network or by external network 450 such as the Internet.
- the physical storage of the sets of instructions physically changes the medium upon which it is stored so that the medium carries computer readable information.
- the change may be electrical, magnetic, chemical, biological, or some other physical change. While it is convenient to describe the invention in terms of instructions, symbols, characters, or the like, the reader should remember that all of these and similar terms should be associated with the appropriate physical elements.
- the invention may describe terms such as comparing, validating, selecting, identifying, or other terms that could be associated with a human operator.
- no action by a human operator is desirable.
- the operations described are, in large part, machine operations processing electrical signals to generate other electrical signals.
- the present invention is described with respect to the update of a BIOS image within a data processing system, such as system 413 .
- the present invention is applicable to the update of any data and/or image within an information handling system.
- the present invention makes use of the TCPA (Trusted Computing Platform Alliance) Specification where a trusted platform module (TPM) 451 has been installed within system 413 .
- TPM trusted platform module
- the TCPA Specification is published at www.trustedpc.org/home/home.htm, which is hereby incorporated by reference herein.
- the present invention may also be implemented using other cryptographic verification methods and processes.
- system 413 either automatically, or as a result of input from a user, will begin a process where the BIOS image is to be updated.
- a BIOS image may reside within ROM 416 or some other memory module within system 413 .
- the update of the BIOS image may be received over a network 450 or on a diskette.
- the flash application will initially request an unlock of the BIOS image from an SMI handler.
- FIG. 2 illustrates a process for implementing such an SMI handler in accordance with the present invention, wherein step 201 , the BIOS update application (flash utility) requests a flash unlock from the SMI handler.
- a receipt of an SMI causes the system to enter into a mode referred to as system management mode (SMM).
- SMIs can be asserted by an SMI timer, by a system request, or by other means, such as an application.
- An SMI is a non-maskable interrupt having almost the highest priority in the system 413 .
- CPU 410 maps a portion of memory referred to as the system management mode memory (SMM memory) into the main memory space (e.g., RAM 414 ). The entire CPU 410 state is then saved in the SMM memory in stack-like, last in/first out fashion.
- SMM memory system management mode memory
- after the initial processor state is saved, CPU 410 begins executing an SMI handler routine, which is an interrupt service routine typically performing system management tasks such as reducing power to specific devices or, as in the case of the present invention, providing a secure means for updating a flash utility. While the routine is executing, other interrupt requests are not serviced, and are ignored until the interrupt routine is completed or the CPU 410 is reset. When the SMI handler completes its task, the processor state is retrieved from the SMM memory, and the main program continues.
- step 202 a determination is made whether a verification of the BIOS update image is still pending. Since at this point, verification is not pending, the process will continue to step 203 , where an SMI handler requests cryptographic signature verification from the TPM 451 and sets a status code as Pending. The process in FIG. 2 will then proceed to step 204 , where the SMI handler exits and returns the Pending status to the BIOS update application of FIG. 1. In FIG. 1, it is at this point that the process will proceed to step 102 , where the Pending status set in step 203 is received from the SMI handler, and since the status code is set as Pending, in step 103 , the process of FIG. 1 will loop back to step 101 .
- step 203 has caused the initiation of the process in FIG. 3.
- the TPM 451 issues an SMI upon completion of a verification request (step 203 ) and an SMI handler queries the TPM 451 for the status of such cryptographic verification process.
- the TPM 451 may utilize a signature verification process that is a standard method that is used in many cryptographic systems.
- the sender of the BIOS image computes a “hash” of the original work (a hash is a mathematical computation that is performed on the input; the computation is designed such that the probability of being able to recreate the output without the identical input is low).
- the hash is encrypted using the sender's private key. This encrypted result is called the signature.
- when the receiver, the TPM 451, wishes to verify that the image is authentic, the TPM 451 computes the hash of what was received. The TPM 451 then decrypts the sender's signature by using the sender's public key and compares it to the newly computed hash. If they are identical, the TPM 451 then determines that the update image is authentic and has not been modified in transit.
- step 101 another request to unlock is sent to the SMI handler.
- in step 205, a determination is made whether the verification process in FIG. 3 has been completed. Since in this example it has not, the process proceeds to step 206 to confirm that the status of the operation of the present invention is still in a Pending state, and the SMI handler exits in step 204 returning to step 102 in FIG. 1. Since in step 103 the status is still Pending, the process again loops back to step 101.
- next, assume that the verification process in step 301 has completed, and the TPM has determined that the BIOS update image received by system 413, such as through network 450 or on a diskette, has been verified as authentic.
- the process in FIG. 3 will proceed from step 302 to step 303 to set the status as Successful.
- step 101 reoccurring, where a request to unlock is sent to the SMI handler (step 201 ). Since in step 202 , verification is still Pending, the process will proceed to step 205 . Since verification has been completed, the process will proceed to step 207 , where since verification has been Successful, the process proceeds to step 208 .
- the SMI handler will now unlock the flash memory to allow the update of the BIOS image and the SMI handler sets the status as a successful completion.
- step 204 the SMI handler exits and returns the process to step 102 in FIG. 1. Since the status is no longer Pending, the process proceeds from step 103 to step 104 . The status being Successful, the process proceeds to step 105 , where the BIOS has been updated, and the SMI handler is now called to lock the flash memory.
- if the verification has not been successful in step 302, the process would have proceeded to step 304 to set the status as Failed.
- in step 102 in FIG. 1, when the Failed status was received from the SMI handler, the process would have proceeded to step 103 where the status is no longer pending, causing the process to proceed to step 104. Since the Successful status has not been set, but instead it has been set as Failed, the process proceeds to step 106 to exit with an Error. If the process in FIG. 1 had been at step 101, this would have caused the process in FIG. 2 to begin again.
- since the status was set as Failed in step 304, the process in FIG. 2 would have proceeded to steps 201, 202, 205, 207 on toward step 209 to set the status as Failed again.
- This Failed status would have then been returned to step 102 by step 204 , again causing the process in FIG. 1 to proceed through steps 103 , 104 , toward step 106 .
Abstract
Description
- The present application relates to
- U.S. patent application Ser. No. ______ [Attorney Docket No. RPS9-2001-0043], entitled “Proving BIOS Trust in a TCPA Compliant System”; and
- U.S. patent application Ser. No. ______ [Attorney Docket No. RPS9-2001-0046], entitled “Flash Update Using a Trusted Platform Module,” which are hereby incorporated by reference herein.
- The present invention relates in general to information handling systems, and in particular, to the update of information in an information handling system.
- The Basic Input/Output System (BIOS) of a computer is the backbone of the operation of that computer. The BIOS is programming that controls the basic hardware operations of the computer, including interaction with floppy disk drives, hard disk drives and the keyboard. Because of ever changing computer technologies, even though a computer may still be acceptable to a user, often the BIOS of that computer will not support all of the new technologies.
- A conventional method for upgrading the BIOS code or image of a computer is to physically replace the Read-Only-Memory (ROM) based BIOS, which in networks systems, would entail replacing the ROM-BIOS in each processor node, which is very time consuming and adds to the overall system down-time of the network.
- There have been solutions for updating a BIOS image associated with a processor without having to physically replace the ROM-BIOS at each computer in the network. For example, one solution is to provide the computer with a Flash EPROM for the BIOS, also known as a Flash BIOS. With a Flash BIOS, the BIOS image or a portion of the BIOS image can be updated by a software update. This is often performed by downloading or storing the Flash information onto a media storage device, such as a floppy disk, and using the disk at each computer to flash the BIOS. However, this is very time consuming, especially with large network systems. Further, some of the computers on the network may not have floppy drives or the proper medium transfer device.
- A second method is to send the flash over the network to each computer in the network. The problem with this method is that the flash is subject to someone introducing malicious code, such as a virus, to the flash, thereby causing the BIOS to be flashed with a corrupt image.
- Yet another method includes transferring the flash information from the source computer to the receiving computer, with the flash information including the flash code, the flash code instructions and an encrypted digital signature corresponding to the identification of the flash code. The sender is authenticated and then the receiving computer is operably placed in a secure mode. A hash value corresponding to the flash information is calculated, and the digital signature from the flash information is decrypted. The flash code is validated by comparing the digital signature of the flash information to the calculated hash, and if validated, the BIOS is flashed with the new flash code, the new flash code is verified, and the computer is re-booted (power cycled). However, cryptographic verification of system management utilities (e.g., BIOS update utilities) must be done in a secure manner. In most PC systems, the most secure way to do this is to have a system management interrupt (SMI) handler perform a cryptographic verification of the flash utility and update image. The time required to perform this verification may force the SMI handler to relinquish control while the computation is performed. Therefore, there is a need in the art for a way for the SMI handler to regain control after the cryptographic verification operation is complete.
- The present invention addresses the foregoing need by adding an SMI generation capability to the cryptographic verification operation utilized to verify an update of a system management utility, such as the BIOS update utility. With the addition of an SMI upon completion of a signature verification command, the SMI handler issues a signature verification request to a Trusted Platform Module (TPM) and returns control to the controlling application with a status code indicating it should begin polling the SMI handler for status. Upon completion of the verification operation, the TPM issues the SMI. The SMI handler then queries the TPM for status. The SMI handler then updates its internal status and permits access to the requested resource assuming the verification is successful. Upon the next poll from the application, the SMI handler returns the status to the calling application, which would either continue or abort with the update operation.
- The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention.
- For a more complete understanding of the present invention, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
- FIGS.1-3 illustrate flow diagrams configured in accordance with the present invention; and
- FIG. 4 illustrates an information handling system configured in accordance with the present invention.
- In the following description, numerous specific details are set forth such as specific update utilities, etc. to provide a thorough understanding of the present invention. However, it will be obvious to those skilled in the art that the present invention may be practiced without such specific details. In other instances, well-known circuits have been shown in block diagram form in order not to obscure the present invention in unnecessary detail. For the most part, details concerning timing considerations and the like have been omitted in as much as such details are not necessary to obtain a complete understanding of the present invention and are within the skills of persons of ordinary skill in the relevant art.
- The present invention makes use of common cryptographic algorithms. Such cryptographic algorithms may be key-based, where special knowledge of variable information called a “key” is required to decrypt ciphertext. There are two prevalent types of key-based algorithms: “symmetric” (also called secret key or single key algorithms) and “public key” (also called asymmetric algorithms). The security in these algorithms is centered around the keys, not the details of the algorithm itself. With asymmetric public key algorithms, the key used for encryption is different from the key used for decryption. It is generally very difficult to calculate the decryption key from an encryption key. In a typical operation, the “public key” used for encryption is made public via a readily accessible directory, while the corresponding “private key” used for decryption is known only to the recipient of the ciphertext. In an exemplary public key transaction, a sender retrieves the recipient's public key and uses it to encrypt the message prior to sending it. The recipient then decrypts the message with the corresponding private key.
- It is also possible to encrypt a message using a private key and decrypt it using a public key. This is sometimes used in digital signatures to authenticate the source of a message, and is a process utilized within the present invention.
- Referring to FIG. 4, an example is shown of a
data processing system 413 which may be used for the invention. The system has a central processing unit (CPU) 410, which is coupled to various other components bysystem bus 412. Read only memory (“ROM”) 416 is coupled to thesystem bus 412 and includes a basic input/output system (“BIOS ”) that controls certain basic functions of thedata processing system 413. Random access memory (“RAM”) 414, I/O adapter 418, andcommunications adapter 434 are also coupled to thesystem bus 412. I/O adapter 418 may be a small computer system interface (“SCSI”) adapter that communicates with adisk storage device 420.Communications adapter 434interconnects bus 412 with anoutside network 450 enabling the data processing system to communicate with other such systems. Input/Output devices are also connected tosystem bus 412 viauser interface adapter 422 anddisplay adapter 436.Keyboard 424 andmouse 426 are interconnected tobus 412 viauser interface adapter 422.Display monitor 438 is connected tosystem bus 412 bydisplay adapter 436. In this manner, a user is capable of inputting to the system throughout thekeyboard 424 ormouse 426 and receiving output from the system viadisplay 438. - Implementations of the invention include implementations as a computer system programmed to execute the method or methods described herein, and as a computer program product. According to the computer system implementation, sets of instructions for executing the method or methods may be resident in the
random access memory 414 of one or more computer systems configured generally as described above. Until required by the computer system, the set of instructions may be stored as a computer program product in another computer memory, for example, in disk drive 420 (which may include a removable memory such as an optical disk or floppy disk for eventual use in the disk drive 420). Further, the computer program product can also be stored at another computer and transmitted when desired to the user'sworkstation 413 by a network or byexternal network 450 such as the Internet. One skilled in the art would appreciate that the physical storage of the sets of instructions physically changes the medium upon which it is stored so that the medium carries computer readable information. The change may be electrical, magnetic, chemical, biological, or some other physical change. While it is convenient to describe the invention in terms of instructions, symbols, characters, or the like, the reader should remember that all of these and similar terms should be associated with the appropriate physical elements. - Note that the invention may describe terms such as comparing, validating, selecting, identifying, or other terms that could be associated with a human operator. However, for at least a number of the operations described herein which form part of at least one of the embodiments, no action by a human operator is desirable. The operations described are, in large part, machine operations processing electrical signals to generate other electrical signals.
- The present invention is described with respect to the update of a BIOS image within a data processing system, such as
system 413. However, the present invention is applicable to the update of any data and/or image within an information handling system. - The present invention makes use of the TCPA (Trusted Computing Platform Alliance) Specification where a trusted platform module (TPM)451 has been installed within
system 413. The TCPA Specification is published at www.trustedpc.org/home/home.htm, which is hereby incorporated by reference herein. However, it should be noted that the present invention may also be implemented using other cryptographic verification methods and processes. - Referring to FIG. 1,
system 413, either automatically, or as a result of input from a user, will begin a process where the BIOS image is to be updated. Such a BIOS image may reside withinROM 416 or some other memory module withinsystem 413. The update of the BIOS image may be received over anetwork 450 or on a diskette. Instep 101, the flash application will initially request an unlock of the BIOS image from an SMI handler. FIG. 2 illustrates a process for implementing such an SMI handler in accordance with the present invention, whereinstep 201, the BIOS update application (flash utility) requests a flash unlock from the SMI handler. - A receipt of an SMI causes the system to enter into a mode referred to as system management mode (SMM). SMIs can be asserted by an SMI timer, by a system request, or by other means, such as an application. An SMI is a non-maskable interrupt having almost the highest priority in the
system 413. When an SMI is asserted, CPU 410 maps a portion of memory referred to as the system management mode memory (SMM memory) into the main memory space (e.g., RAM 414). The entire CPU 410 state is then saved in the SMM memory in stack-like, last in/first out fashion. After the initial processor state is saved, CPU 410 begins executing an SMI handler routine, which is an interrupt service routine typically performing system management tasks such as reducing power to specific devices or, as in the case of the present invention, providing a secure means for updating a flash utility. While the routine is executing, other interrupt requests are not serviced, and are ignored until the interrupt routine is completed or the CPU 410 is reset. When the SMI handler completes its task, the processor state is retrieved from the SMM memory, and the main program continues.
- In step 202, a determination is made whether a verification of the BIOS update image is still pending. Since at this point verification is not pending, the process will continue to step 203, where an SMI handler requests cryptographic signature verification from the TPM 451 and sets a status code as Pending. The process in FIG. 2 will then proceed to step 204, where the SMI handler exits and returns the Pending status to the BIOS update application of FIG. 1. In FIG. 1, it is at this point that the process will proceed to step 102, where the Pending status set in step 203 is received from the SMI handler, and since the status code is set as Pending, in step 103 the process of FIG. 1 will loop back to step 101.
- While this is occurring, step 203 has caused the initiation of the process in FIG. 3. In step 301, the TPM 451 issues an SMI upon completion of a verification request (step 203) and an SMI handler queries the TPM 451 for the status of that cryptographic verification process. The TPM 451 may utilize a signature verification process that is a standard method used in many cryptographic systems. The sender of the BIOS image computes a “hash” of the original work (a hash is a mathematical computation performed on the input; the computation is designed such that the probability of being able to recreate the output without the identical input is low). Then the hash is encrypted using the sender's private key. This encrypted result is called the signature. When the receiver, the TPM 451, wishes to verify that the image is authentic, the TPM 451 computes the hash of what was received. The TPM 451 then decrypts the sender's signature using the sender's public key and compares it to the newly computed hash. If they are identical, the TPM 451 determines that the update image is authentic and has not been modified in transit.
- Assume, for example, that the process in FIG. 3 is still pending. The process in FIG. 1 will continue, where in step 101 another request to unlock is sent to the SMI handler. This initiates the process in FIG. 2, where from step 201 the process goes to step 202. Since the verification process of FIG. 3 is still pending, i.e., the status is still Pending, the process proceeds to step 205 to determine whether the verification process in FIG. 3 has been completed. Since in this example it has not, the process proceeds to step 206 to confirm that the status of the operation of the present invention is still in a Pending state, and the SMI handler exits in step 204, returning to step 102 in FIG. 1. Since in step 103 the status is still Pending, the process again loops back to step 101.
- Next, assume that the verification process in step 301 has completed, and the TPM has determined that the BIOS update image received by system 413, such as through network 450 or on a diskette, has resulted in a verification that the image is authentic. As a result, the process in FIG. 3 will proceed from step 302 to step 303 to set the status as Successful.
- Again, the process illustrated in FIG. 1 will operate with step 101 reoccurring, where a request to unlock is sent to the SMI handler (step 201). Since in step 202 verification is still Pending, the process will proceed to step 205. Since verification has been completed, the process will proceed to step 207, where, since verification has been Successful, the process proceeds to step 208. The SMI handler will now unlock the flash memory to allow the update of the BIOS image, and the SMI handler sets the status as a successful completion. In step 204, the SMI handler exits and returns the process to step 102 in FIG. 1. Since the status is no longer Pending, the process proceeds from step 103 to step 104. The status being Successful, the process proceeds to step 105, where the BIOS has been updated, and the SMI handler is now called to lock the flash memory.
- If in the process of FIG. 3 the verification has not been successful in step 302, the process would have proceeded to step 304 to set the status as Failed. Then, in step 102 in FIG. 1, when the Failed status was received from the SMI handler, the process would have proceeded to step 103, where the status is no longer pending, causing the process to proceed to step 104. Since the Successful status has not been set, but instead it has been set as Failed, the process proceeds to step 106 to exit with an Error. If the process in FIG. 1 had been at step 101, this would have caused the process in FIG. 2 to begin again. Since the status was set as Failed in step 304, the process in FIG. 2 would have proceeded to step 209 to set the status as Failed again. This Failed status would have then been returned to step 102 by step 204, again causing the process in FIG. 1 to proceed to step 106.
- Although the present invention and its advantages have been described in detail, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
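The flow described above, covering the BIOS update application of FIG. 1, the unlock handler of FIG. 2, the TPM completion SMI of FIG. 3 and the verification step they rely on, as one simulation added here. It is not code from the patent or its assignee. It assumes a hypothetical in-memory platform model (`struct platform`, `smi_unlock_request`, `smi_tpm_complete`, `bios_update`, `demo` are invented names), uses FNV-1a as a stand-in for the TPM's hash, carries the sender's hash in the clear instead of a public-key signature, and models the TPM's asynchronous completion by firing its SMI after a fixed number of unlock requests.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FLASH_SIZE 64

/* Status codes passed between the BIOS update application (FIG. 1) and the
 * SMI handlers (FIG. 2, FIG. 3). */
typedef enum { ST_IDLE = 0, ST_PENDING, ST_SUCCESSFUL, ST_FAILED } status_t;

/* State that would live in SMM memory on a real platform (simulated here). */
struct platform {
    status_t status;        /* set in steps 203, 206, 208, 209, 303 and 304 */
    bool verify_pending;    /* a verification request is outstanding (step 202 test) */
    bool verify_done;       /* the TPM finished and raised its SMI (step 301) */
    bool image_authentic;   /* answer the handler reads back from the TPM in step 301 */
    bool flash_unlocked;    /* write-protect latch that only the SMI handler changes */
    uint8_t flash[FLASH_SIZE];
};

/* FNV-1a 64-bit: stand-in for the hash the TPM computes over the received image. */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Hypothetical stand-in for the TPM's signature check. A real TPM decrypts the
 * sender's signature with the sender's public key and compares it with the fresh
 * hash; here the sender's hash travels in the clear, so only integrity is checked. */
static bool tpm_verify(const uint8_t *img, size_t n, uint64_t sender_hash) {
    return fnv1a64(img, n) == sender_hash;
}

/* FIG. 2: SMI handler entered by the unlock request of step 201. */
static status_t smi_unlock_request(struct platform *p, const uint8_t *img,
                                   size_t n, uint64_t sender_hash) {
    if (!p->verify_pending) {                  /* step 202: nothing outstanding */
        p->verify_pending = true;              /* step 203: hand the image to the TPM */
        p->verify_done = false;
        p->image_authentic = tpm_verify(img, n, sender_hash); /* latched until step 301 */
        p->status = ST_PENDING;
        return p->status;                      /* step 204 */
    }
    if (!p->verify_done) {                     /* step 205: TPM still busy */
        p->status = ST_PENDING;                /* step 206 */
        return p->status;                      /* step 204 */
    }
    p->verify_pending = false;
    if (p->status == ST_SUCCESSFUL)            /* step 207 */
        p->flash_unlocked = true;              /* step 208: open the flash for writing */
    else
        p->status = ST_FAILED;                 /* step 209 */
    return p->status;                          /* step 204 */
}

/* FIG. 3: SMI raised by the TPM once verification finishes (step 301); the
 * handler records the outcome as Successful or Failed (steps 302-304). */
static void smi_tpm_complete(struct platform *p) {
    p->verify_done = true;
    p->status = p->image_authentic ? ST_SUCCESSFUL : ST_FAILED;
}

/* SMI entry that re-locks the flash after the image has been written (step 105). */
static void smi_lock_flash(struct platform *p) { p->flash_unlocked = false; }

/* Flash write path: refused unless the SMI handler has unlocked the part. */
static bool flash_write(struct platform *p, const uint8_t *img, size_t n) {
    if (!p->flash_unlocked || n > FLASH_SIZE) return false;
    memcpy(p->flash, img, n);
    return true;
}

/* FIG. 1: BIOS update application. On real hardware the TPM's completion SMI
 * arrives asynchronously; the simulation fires it after tpm_latency unlock
 * requests. Returns 0 once written and re-locked, -1 on the step 106 error exit. */
static int bios_update(struct platform *p, const uint8_t *img, size_t n,
                       uint64_t sender_hash, int tpm_latency) {
    for (int attempt = 1; attempt <= 1000; attempt++) {
        status_t st = smi_unlock_request(p, img, n, sender_hash); /* steps 101-102 */
        if (st == ST_PENDING) {                                    /* step 103 */
            if (attempt == tpm_latency) smi_tpm_complete(p);       /* TPM's SMI fires */
            continue;
        }
        if (st != ST_SUCCESSFUL) return -1;                        /* step 104 -> 106 */
        if (!flash_write(p, img, n)) return -1;                    /* step 105: write image */
        smi_lock_flash(p);                                         /* step 105: re-lock */
        return 0;
    }
    return -1;                                                     /* TPM never answered */
}

/* One update on a constructed sample image, optionally flipped one bit in transit.
 * Returns the update result (0 or -1), or -2 if the latch or flash contents ended
 * in a state the flow must never produce. */
static int demo(bool tamper) {
    uint8_t img[] = "BIOS-IMAGE-v2-constructed-sample";   /* constructed, not a real image */
    size_t n = sizeof img - 1;
    uint64_t sender_hash = fnv1a64(img, n);   /* computed by the sender before shipping */
    if (tamper) img[5] ^= 0x01;

    struct platform p;
    memset(&p, 0, sizeof p);
    if (flash_write(&p, img, n)) return -2;   /* must be refused while locked */
    int rc = bios_update(&p, img, n, sender_hash, 3);
    if (p.flash_unlocked) return -2;          /* must end re-locked either way */
    if (rc == 0 && memcmp(p.flash, img, n) != 0) return -2;
    if (rc != 0 && p.flash[0] != 0) return -2; /* a failed update leaves flash untouched */
    return rc;
}
```

`demo(false)` walks the Successful path (request, two Pending polls, TPM SMI, unlock, write, re-lock) and returns 0; `demo(true)` takes the Failed path of steps 304 and 209 and returns -1 with the flash never unlocked. The property worth checking in a real implementation is the one `flash_write` enforces here: the only code that can clear the write-protect latch is the SMI handler, and it does so only after the TPM has reported Successful.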
Claims (19)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/931,550 US20030037244A1 (en) | 2001-08-16 | 2001-08-16 | System management interrupt generation upon completion of cryptographic operation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/931,550 US20030037244A1 (en) | 2001-08-16 | 2001-08-16 | System management interrupt generation upon completion of cryptographic operation |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030037244A1 true US20030037244A1 (en) | 2003-02-20 |
Family
ID=25460954
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/931,550 Abandoned US20030037244A1 (en) | 2001-08-16 | 2001-08-16 | System management interrupt generation upon completion of cryptographic operation |
Country Status (1)
Country | Link |
---|---|
US (1) | US20030037244A1 (en) |
2001
- 2001-08-16 US US09/931,550 patent/US20030037244A1/en not_active Abandoned
Patent Citations (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5148387A (en) * | 1989-02-22 | 1992-09-15 | Hitachi, Ltd. | Logic circuit and data processing apparatus using the same |
US5522076A (en) * | 1993-05-13 | 1996-05-28 | Kabushiki Kaisha Toshiba | Computer system having BIOS (basic input/output system)-ROM (Read Only Memory) writing function |
US5835594A (en) * | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
US5748888A (en) * | 1996-05-29 | 1998-05-05 | Compaq Computer Corporation | Method and apparatus for providing secure and private keyboard communications in computer systems |
US5802592A (en) * | 1996-05-31 | 1998-09-01 | International Business Machines Corporation | System and method for protecting integrity of alterable ROM using digital signatures |
US5944821A (en) * | 1996-07-11 | 1999-08-31 | Compaq Computer Corporation | Secure software registration and integrity assessment in a computer system |
US5937063A (en) * | 1996-09-30 | 1999-08-10 | Intel Corporation | Secure boot |
US5844986A (en) * | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5949882A (en) * | 1996-12-13 | 1999-09-07 | Compaq Computer Corporation | Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm |
US5974250A (en) * | 1996-12-13 | 1999-10-26 | Compaq Computer Corp. | System and method for secure information transmission over a network |
US5859911A (en) * | 1997-04-16 | 1999-01-12 | Compaq Computer Corp. | Method for the secure remote flashing of the BIOS of a computer |
US5987536A (en) * | 1997-05-22 | 1999-11-16 | International Business Machines Corporation | Computer system having flash memory bios which can be accessed while protected mode operating system is running |
US6009524A (en) * | 1997-08-29 | 1999-12-28 | Compact Computer Corp | Method for the secure remote flashing of a BIOS memory |
US6185678B1 (en) * | 1997-10-02 | 2001-02-06 | Trustees Of The University Of Pennsylvania | Secure and reliable bootstrap architecture |
US6138239A (en) * | 1998-11-13 | 2000-10-24 | N★Able Technologies, Inc. | Method and system for authenticating and utilizing secure resources in a computer system |
US6188602B1 (en) * | 2000-01-25 | 2001-02-13 | Dell Usa, L.P. | Mechanism to commit data to a memory device with read-only access |
US6678833B1 (en) * | 2000-06-30 | 2004-01-13 | Intel Corporation | Protection of boot block data and accurate reporting of boot block contents |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050027914A1 (en) * | 2003-07-31 | 2005-02-03 | Per Hammalund | Inter-processor interrupts |
US8984199B2 (en) * | 2003-07-31 | 2015-03-17 | Intel Corporation | Inter-processor interrupts |
US7533274B2 (en) | 2003-11-13 | 2009-05-12 | International Business Machines Corporation | Reducing the boot time of a TCPA based computing system when the core root of trust measurement is embedded in the boot block code |
US20050108564A1 (en) * | 2003-11-13 | 2005-05-19 | International Business Machines Corporation | Reducing the boot time of a TCPA based computing system when the Core Root of Trust Measurement is embedded in the boot block code |
US20050213768A1 (en) * | 2004-03-24 | 2005-09-29 | Durham David M | Shared cryptographic key in networks with an embedded agent |
US20050216577A1 (en) * | 2004-03-24 | 2005-09-29 | Durham David M | Cooperative embedded agents |
WO2005101197A3 (en) * | 2004-03-24 | 2006-06-01 | Intel Corp | Cooperative embedded agents |
US7653727B2 (en) | 2004-03-24 | 2010-01-26 | Intel Corporation | Cooperative embedded agents |
KR100855803B1 (en) * | 2004-03-24 | 2008-09-01 | 인텔 코오퍼레이션 | Cooperative embedded agents |
US20060095967A1 (en) * | 2004-10-29 | 2006-05-04 | David Durham | Platform-based identification of host software circumvention |
US7594269B2 (en) | 2004-10-29 | 2009-09-22 | Intel Corporation | Platform-based identification of host software circumvention |
US20060236125A1 (en) * | 2005-03-31 | 2006-10-19 | Ravi Sahita | Hardware-based authentication of a software program |
US7739517B2 (en) | 2005-03-31 | 2010-06-15 | Intel Corporation | Hardware-based authentication of a software program |
US20070169076A1 (en) * | 2005-10-28 | 2007-07-19 | Desselle Bernard D | Methods and systems for updating a BIOS image |
US20080077711A1 (en) * | 2006-09-21 | 2008-03-27 | Darren Cepulis | System ROM with an embedded disk image |
US9052916B2 (en) * | 2006-09-21 | 2015-06-09 | Hewlett-Packard Development Company, L.P. | System ROM with an embedded disk image |
US7986786B2 (en) * | 2006-11-30 | 2011-07-26 | Hewlett-Packard Development Company, L.P. | Methods and systems for utilizing cryptographic functions of a cryptographic co-processor |
US8670568B2 (en) | 2006-11-30 | 2014-03-11 | Hewlett-Packard Development Company, L.P. | Methods and systems for utilizing cryptographic functions of a cryptographic co-processor |
US20080130893A1 (en) * | 2006-11-30 | 2008-06-05 | Ibrahim Wael M | Methods and systems for utilizing cryptographic functions of a cryptographic co-processor |
US8850601B2 (en) * | 2009-05-18 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | Systems and methods of determining a trust level from system management mode |
US20120017285A1 (en) * | 2009-05-18 | 2012-01-19 | Mark A Piwonka | Systems and methods of determining a trust level from system management mode |
US9032385B2 (en) | 2011-12-28 | 2015-05-12 | Lg Electronics Inc. | Mobile terminal and control method thereof |
US9575742B2 (en) | 2011-12-28 | 2017-02-21 | Microsoft Technology Licensing, Llc | Mobile terminal and control method thereof |
US10949188B2 (en) | 2011-12-28 | 2021-03-16 | Microsoft Technology Licensing, Llc | Mobile terminal and control method thereof |
US9003560B1 (en) * | 2012-06-05 | 2015-04-07 | Rockwell Collins, Inc. | Secure enclosure with internal security components |
CN107943508A (en) * | 2017-12-08 | 2018-04-20 | 郑州云海信息技术有限公司 | It is a kind of based on service processor as the renewable BIOS update methods for trusting root |
CN109992933A (en) * | 2019-04-03 | 2019-07-09 | 中电科技(北京)有限公司 | The firmware of PIN-based code authorization starts method |
US11438162B2 (en) * | 2020-03-19 | 2022-09-06 | Arista Networks, Inc. | Network device authentication |
US11470075B2 (en) | 2020-03-19 | 2022-10-11 | Arista Networks, Inc. | Systems and methods for provisioning network devices |
US11632438B2 (en) | 2020-03-19 | 2023-04-18 | Arista Networks, Inc. | Device provisioning in a multi-tenant service |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7484105B2 (en) | Flash update using a trusted platform module | |
US6993648B2 (en) | Proving BIOS trust in a TCPA compliant system | |
CN109313690B (en) | Self-contained encrypted boot policy verification | |
US20030037244A1 (en) | System management interrupt generation upon completion of cryptographic operation | |
CN101258505B (en) | Secure software updates | |
JP5703391B2 (en) | System and method for tamper resistant boot processing | |
TWI684890B (en) | System and method for computing device with improved firmware service security using credential-derived encryption key | |
US8522361B2 (en) | Tokenized resource access | |
EP2372597B1 (en) | Methods and systems for secure remote wake, boot, and login to a computer from a mobile device | |
KR101904303B1 (en) | Security software authentication and verification | |
US20050044363A1 (en) | Trusted remote firmware interface | |
CN101443774A (en) | Optimized integrity verification procedures | |
US8090946B2 (en) | Inter-system binding method and application based on hardware security unit | |
KR20090109589A (en) | Secure protection method for access to protected resources in a processor | |
US20170331814A1 (en) | Data security | |
JP2007512787A (en) | Trusted mobile platform architecture | |
US11106798B2 (en) | Automatically replacing versions of a key database for secure boots | |
US20080022124A1 (en) | Methods and apparatus to offload cryptographic processes | |
CN110730159B (en) | TrustZone-based secure and trusted hybrid system starting method | |
US20050246760A1 (en) | Verifying measurable aspects associated with a module | |
US20240037216A1 (en) | Systems And Methods For Creating Trustworthy Orchestration Instructions Within A Containerized Computing Environment For Validation Within An Alternate Computing Environment | |
WO2023145240A1 (en) | Information processing device and information processing system | |
CN115730293A (en) | AT instruction authority management method, AT instruction authority management device, computer equipment and storage medium | |
TW202111576A (en) | Authentication method | |
KR20070017455A (en) | Secure protection method for access to protected resources in a processor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: INTERNATIONAL BUSINESS MACHINES CORP., NEW YORK. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GOODMAN, STEVEN DALE;HOFF, JAMES PATRICK;SPRINGFIELD, RANDALL SCOTT;AND OTHERS;REEL/FRAME:012099/0815;SIGNING DATES FROM 20010725 TO 20010813 |
| AS | Assignment | Owner name: LENOVO (SINGAPORE) PTE LTD., SINGAPORE. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:016891/0507. Effective date: 20050520 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION |